In the case where a remote administration tool (RAT) aiming at a targeted attack invades an information processing system, there occurs a risk that confidential data may be leaked, for example.
Against this risk, there is a technique of monitoring predetermined actions taken by the RAT. If this technique makes it possible to detect a computer infected with the RAT and to acquire a trace of attacks made by the infected computer, a part of an invaded range may be known.
Related techniques are disclosed in, for example, Japanese Laid-open Patent Publication Nos. 2005-202664, 2004-13553, 2007-122749, and 2001-217834.